Firewall Wizards mailing list archives
AW: SMTP A/V Design
From: SBSIP21M C2 <IP21M.C2 () mch20 sbs de>
Date: Tue, 23 Feb 1999 09:08:54 +0100
I have set up such a beast in the following configuration:

1. A Firewall-1 running the SMTP security server. Then you configure A/V scanning using CVP. All mail will be sent by CVP to the A/V machine (Trend Micro is pretty good at this). Then the A/V machine scans the mail and, if it is OK, sends it back to the firewall for delivery.

You can configure the A/V machine to do a lot of tricks for you. It can also scan ftp, http and java traffic. You can run A/V on NT or Unix - Solaris, HP, IBM? You can even run A/V on the firewall if you want to save a machine.

I am pretty comfortable with this setup.

Hope this answers the question.

Regards
Klaus

-----Original Message-----
From: Rodney van den Oever [SMTP:roever () nse simac nl]
Sent: Sunday, 21 February 1999 10:14
To: Matt McClung
Cc: firewall-wizards () nfr net
Subject: Re: SMTP A/V Design

At 12:51 16-02-1999 -0700, Matt McClung wrote:

> 1. Internet email for x company is first identified at the firewall.
> 2. The firewall knows to pass SMTP traffic to an A/V scanning server, which it does.
> 3. The A/V server finds nothing and sends back the message information to the firewall.
> 4. The firewall then allows the email to the mail relay server on its service network (MX).
> 5. The mail relay server (running sendmail) scans the envelope and other information to determine if the email is for a domain it is accepting mail for...
> 6. The mail relay host delivers mail to an internal SMTP server for final delivery to the email system.
>
> Questions:
>
> This almost seems like it's too complicated with the separate A/V server and mail relay host. The delivery time is not the main concern, but rather the complexity and the steps the message takes to finally get delivered. Anyone created such a beast? Because of the software (A/V) you have only a small choice of platforms, as well as the relay host. Therefore, you almost have to have something like this. Of course, this assumes that your company policy is to scan the email before it is allowed into the internal network (good idea). Otherwise you could do desktop scanning, or mail server scanning.
>
> INFO: The FW is FW-1 using CVP. The A/V server is NT running an A/V application to check SMTP and the mail relay host is a Sun Ultra running sendmail 8.9.x

Why not:

1. Accept incoming mail (by MX) to the A/V-server on the service network. Because you're already proxying SMTP twice (A/V + Sendmail), I don't see any use for CVP. Also: I'd rather force all mail through the A/V-server rather than trust CVP to decide on the content.

2. Place the mail relay on the service network as well and let the A/V-server forward all mail to the mail relay directly, without intervention of the firewall. Depending on the capabilities (mail routing, anti-spam, rewriting) of the A/V-server (I only have experience with MIMEsweeper) you might be able to skip the mail relay and let the A/V-server handle everything.

3. Then allow the mail relay (or A/V-server, if my above suggestion is acceptable) to exchange SMTP with the internal mailserver or gateway.

> Matt McClung
> Net.Works Security Engineer
> mmcclung () ndwcorp com

--
Rodney van den Oever / 0x06 3547CA1 / PGP Key ID 0x0A6CCE53
'Software is like sex; it's better when it's free' - Linus Torvalds
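
The suggestion in the thread to force all mail through the A/V server can be checked against a rule set. The following is an added example, not part of the original messages: it treats permitted SMTP flows as a directed graph and searches for any path from the Internet to the internal mail server that avoids the A/V server. The host names and both rule sets are constructed for illustration.

```python
from collections import deque


def bypass_path(flows, source, target, must_pass):
    """Return one SMTP path from source to target that never touches
    must_pass, or None if every such path is forced through it."""
    graph = {}
    for src, dst in flows:
        graph.setdefault(src, []).append(dst)

    # Breadth-first search over the graph with the scanner node removed.
    queue = deque([[source]])
    seen = {source}
    while queue:
        path = queue.popleft()
        node = path[-1]
        if node == target:
            return path
        for nxt in graph.get(node, []):
            if nxt != must_pass and nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None


# Constructed rule sets: each pair is (source, destination) allowed on tcp/25.
# Host names are hypothetical.
FORCED_DESIGN = [
    ("internet", "av-server"),        # MX points at the A/V server
    ("av-server", "mail-relay"),      # forwarded on the service network
    ("mail-relay", "internal-mail"),  # relay hands off to the internal server
]
# Same design with a leftover rule that still lets the Internet reach the relay.
LEFTOVER_RULE = FORCED_DESIGN + [("internet", "mail-relay")]


def audit(flows):
    """Summarise whether inbound mail can reach the inside unscanned."""
    path = bypass_path(flows, "internet", "internal-mail", "av-server")
    if path is None:
        return "OK: every inbound SMTP path crosses av-server"
    return "BYPASS: " + " -> ".join(path)


if __name__ == "__main__":
    for name, flows in (("forced", FORCED_DESIGN), ("leftover", LEFTOVER_RULE)):
        print(name, "=>", audit(flows))
```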